Updated myPay Password Rules (May 2014)

The FBI reports that Internet crime continues to rise. Today’s lifestyles means more of us are online to keep in touch with friends and family, purchase retail goods and manage our financial, medical and personal business.                         

Access to your myPay account is protected by your login credentials (login name and password) and your online habits. myPay is protected by state-of-the-art security and round-the-clock monitoring. But security of your account depends on you!

Here we’ll keep you updated on the latest rules regarding your password, requesting new user IDs and passwords, and other things you can do to keep your myPay experience secure. 

With the Spring 2014 release, myPay will be updating its system password rules that meets the intent of DoD security policies and customer feedback. This means all users who access myPay with their login ID and password must create a new password using the following rules:

  • Must be 9 to 30 characters in length
  • Contain at least one UPPERCASE letter
  • Contain at least one lowercase letter
  • Contain at least one number (0-9)
  • Contain at least one of the following special characters:

# (pound or number sign)
@ (at sign)
$ (dollar sign)
= (equal sign)
+ (plus sign)
% (percent sign)
^ (caret)
! (exclamation)
* (asterisk)
_ (underline/underscore)

  • Must NOT include any spaces

Additionally, passwords will now expire every 150 days requiring users to change their passwords.

(Check out our Tips & Tricks page on getting your new password up and running!)

About 10 days before your password expires, you will receive an email advising you to update your password to avoid delays logging into myPay. Make sure the email address recorded in your myPay profile is current to ensure you receive these important notices.


When you create your new password or update it in the future, its security depends on you. Whether you rely on your memory, writing down passwords on paper or creating a computer file, it’s vital that your passwords are never exposed to others.

If you must write down your password on a piece of paper, make sure it stays locked up in a secure place. If you save it to your computer, flash drive or other media device, make sure the document is encrypted and/or password protected.

Want to learn more about keeping your online accounts safe? Our online security section has actions you should take to help protect your personal information from scams and identity theft. 


If you log into myPay using your DoD Common Access Card (CAC) or Personal Identity Verification (PIV) Card, you will not be required to provide your password in order to review and manage your account online unless you are new to myPay and logging in for the first time. All users are required to register a login ID and password even if you use a smartcard. 


  1. When you initially set up your myPay account.
  2. When your password is 150 days old.


If you provide authorization for a trusted family member, friend or associate to access your pay information without the ability to make changes, they will be required to change the password every 150 days also. The same rules apply to the limited access password as your primary access password and they will be prompted by screen displays when the password change is necessary.

And remember, you always have control over who has limited access to your myPay account. 

Page updated December 18, 2013.